Those docs appear to imply that passivators are essentially required, or authenticated state information gets shared, no?
________________________________
From: cas-user@apereo.org <cas-user@apereo.org> on behalf of David Curry <david.cu...@newschool.edu>
Sent: January 10, 2020 5:15 PM
To: CAS Community <cas-user@apereo.org>
Subject: Re: [cas-user] cas 5.2.x leaking connections

You might want to experiment with turning the passivator off, or changing its setting. Not sure that's it, but it might help?

https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#why-passivators

--
DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL • INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu

On Fri, Jan 10, 2020 at 5:40 PM Trenton D. Adams <tre...@athabascau.ca> wrote:

Good day,

We are having some problems with CAS 5.2.x leaking connections in our production environment. We're not sure how or why this is happening. What we do know is that they are no longer part of the pool, because if they were we'd run out of connections in the pool. However, there is a limit to the number of connections an LDAP server can handle, so it requires a CAS restart regularly.

Below is the configuration we're using for both LDAP and the password manager. We were hoping someone understands why this could be happening, as the CAS documentation is not very good for these settings, and neither are the javadoc or Ldaptive docs. I hope someone with more CAS experience, such as a dev, might be able to help?

cas.authn.ldap[0].type=ANONYMOUS
cas.authn.ldap[0].ldapUrl=ldap://ldap.example.com:389
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].baseDn=ou=Student,ou=People,dc=example,dc=com
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].principalAttributeId=uid
cas.authn.ldap[0].principalAttributeList=uid,udcid:UDC_IDENTIFIER

cas.authn.ldap[1].type=ANONYMOUS
cas.authn.ldap[1].ldapUrl=ldap://ldap.example.ca:389
cas.authn.ldap[1].useSsl=false
cas.authn.ldap[1].baseDn=ou=Staff,ou=People,dc=example,dc=com
cas.authn.ldap[1].userFilter=uid={user}
cas.authn.ldap[1].principalAttributeId=uid
cas.authn.ldap[1].principalAttributeList=uid,udcid:UDC_IDENTIFIER

cas.authn.pm.ldap.type=GENERIC
cas.authn.pm.ldap.ldapUrl=ldap://ldap.example.com:389
cas.authn.pm.ldap.connectionStrategy=ACTIVE_PASSIVE
cas.authn.pm.ldap.useSsl=false
cas.authn.pm.ldap.useStartTls=false
cas.authn.pm.ldap.connectTimeout=5000
cas.authn.pm.ldap.baseDn=ou=People,dc=example,dc=com
cas.authn.pm.ldap.userFilter=uid={user}
cas.authn.pm.ldap.subtreeSearch=true
cas.authn.pm.ldap.bindDn=cn=Manager,dc=example,dc=com
cas.authn.pm.ldap.bindCredential=
cas.authn.pm.ldap.trustCertificates=
cas.authn.pm.ldap.poolPassivator=BIND
cas.authn.pm.ldap.minPoolSize=3
cas.authn.pm.ldap.maxPoolSize=10
cas.authn.pm.ldap.validateOnCheckout=true
cas.authn.pm.ldap.validatePeriodically=true
cas.authn.pm.ldap.validatePeriod=600
cas.authn.pm.ldap.validateTimeout=5000
cas.authn.pm.ldap.failFast=false
cas.authn.pm.ldap.idleTime=500
cas.authn.pm.ldap.prunePeriod=600
cas.authn.pm.ldap.blockWaitTime=5000
cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.pm.ldap.securityQuestionsAttributes.challengeQuestion=challengeResponse
cas.authn.pm.ldap.validator.type=SEARCH
cas.authn.pm.ldap.validator.baseDn=ou=Staff,ou=People,dc=example,dc=com
cas.authn.pm.ldap.validator.searchFilter=(uid=some-user)
cas.authn.pm.ldap.validator.scope=ONELEVEL
cas.authn.pm.ldap.validator.attributeName=cn
cas.authn.pm.ldap.validator.attributeValues=Some Name
cas.authn.pm.ldap.validator.dn=

--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Applications Unit - ITS
Athabasca University
(780) 675-6195

It is only when you are surrounded by a supportive team, that you can achieve your best. Instead of tearing people down, try building them up!

--
This communication is intended for the use of the recipient to whom it is addressed, and may contain confidential, personal, and or privileged information. Please contact us immediately if you are not the intended recipient of this communication, and do not copy, distribute, or take action relying on it. Any communications received in error, or subsequent reply, should be deleted or destroyed.

---
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8a565299-d009-ea66-8a01-b3b8bdb4146d%40athabascau.ca.
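
An added example, not part of the thread and not CAS or Ldaptive code: one way to put a number on the symptom in the original message, by comparing established sockets to the LDAP servers against the most the configured pools could hold. It assumes one pool per configured LDAP block, a hypothetical default of 10 where `maxPoolSize` is not set, and `ss -tn` output captured on the CAS host (the sample here is constructed).

```python
import re

# Assumption: a pool block that sets no maxPoolSize holds at most this many.
ASSUMED_DEFAULT_MAX_POOL = 10

# Pool-related keys copied from the configuration quoted in the thread.
CAS_PROPERTIES = """\
cas.authn.ldap[0].ldapUrl=ldap://ldap.example.com:389
cas.authn.ldap[1].ldapUrl=ldap://ldap.example.ca:389
cas.authn.pm.ldap.ldapUrl=ldap://ldap.example.com:389
cas.authn.pm.ldap.maxPoolSize=10
"""

# Constructed `ss -tn` output: 34 LDAP sockets plus one unrelated HTTPS socket.
SS_SAMPLE = "State Recv-Q Send-Q Local Address:Port Peer Address:Port\n" + "\n".join(
    [f"ESTAB 0 0 10.0.0.5:{40000 + i} 10.0.0.20:389" for i in range(34)]
    + ["ESTAB 0 0 10.0.0.5:50000 10.0.0.30:443"]
)

PROP = re.compile(
    r"^(cas\.authn\.(?:pm\.)?ldap(?:\[\d+\])?)\.(ldapUrl|maxPoolSize)=(\S+)"
)

def pool_ceiling(properties, default_max=ASSUMED_DEFAULT_MAX_POOL):
    """Sum maxPoolSize over every LDAP block that defines an ldapUrl."""
    pools = {}
    for line in properties.splitlines():
        m = PROP.match(line.strip())
        if m:
            pools.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return sum(int(p.get("maxPoolSize", default_max))
               for p in pools.values() if "ldapUrl" in p)

def established_to_ldap(ss_output, ports=(389, 636)):
    """Count ESTAB sockets whose peer port is an LDAP port."""
    count = 0
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "ESTAB":
            port = fields[4].rsplit(":", 1)[-1]
            if port.isdigit() and int(port) in ports:
                count += 1
    return count

def excess_connections(properties, ss_output):
    """Sockets beyond what the configured pools could hold (0 if none)."""
    return max(0, established_to_ldap(ss_output) - pool_ceiling(properties))

if __name__ == "__main__":
    print(pool_ceiling(CAS_PROPERTIES), established_to_ldap(SS_SAMPLE),
          excess_connections(CAS_PROPERTIES, SS_SAMPLE))
```

Sampling the excess count on a schedule shows whether it grows between restarts, which separates a leak from a pool that is simply sized larger than expected.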